‘The Russians did it’ is still alive and well at the FBI and DOJ.
The timing of the announcement earlier today on the indictment of several Russian operatives is to influence the national election because what they are saying is basically impossible to prove.
We reported earlier today that the DOJ announced charges against 6 Russian GRU hackers who will never see the inside of an American courtroom.
The GRU hackers were charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft in an indictment returned by a federal grand jury in Pittsburgh.
One of the Russians charged on Monday, Anatoliy Sergeyevich Kovalev, was also previously indicted by former special counsel Robert Mueller.
For one thing, the level of detail included in the indictment suggests that American authorities are so confident about their insight into the workings of Russia’s cyber-operations that the U.S. intelligence community didn’t mind revealing how much it knows.
On March 8, 2020 and before on June 16, 2019, we presented arguments against the Mueller gang’s assertion that the DNC was hacked by Russians.
Cyber expert Yaacov Apelbaum posted an incredible report with information basically proving that the DNC was not hacked by the Russians.
Apelbaum’s first argument was this –
According to the WaPo (using CrowdStrike, DOJ, and their other usual hush-hush government sources in the know), the attack was perpetrated by a Russian unit lead by Lieutenant Captain Nikolay Kozachek who allegedly crafted a malware called X-Agent and used it to get into the network and install keystroke loggers on several PCs. This allowed them to see what the employees were typing and take screenshots of the employees’ computer.
This is pretty detailed information, but if this was the case, then how did the DOJ learn all of these ‘details’ and use them in the indictments without the FBI ever forensically evaluating the DNC/HRC computers? And since when does the DOJ, an organization that only speaks the language of indictments use hearsay and 3rd parties like the British national Matt Tait (a former GCHQ collector and a connoisseur of all things related to Russian collusion), CrowdStrike, or any other evidence lacking chain of custody certification as a primary source for prosecution?
A second point by Apelbaum was –
… that three of the Russian GRU officers on the DOJ wanted list were allegedly working concurrently on multiple non-related projects like interfering with the 2016 United States elections (both HRC and DNC) while at the same time they were also allegedly hacking anti-doping agencies (Images 2-3).
Above are pictures of the individuals the FBI says were working on both the DNC/HRC email hacking and the Olympic doping projects.
The same guys were working on both projects which is all but impossible. (Do we really know if they’re even Russians?)
The fact that the three had multiple concurrent high impact and high visibility project assignments is odd because this is not how typical offensive cyber intelligence teams operate. These units tend to be compartmentalized, they are assigned to a specific mission, and the taskforce stays together for the entire duration of the project.
Next Apelbaum questioned the Mueller gang’s assertion that the ‘hacker’ named Guccifer 2.0 was a Russian –
Any evidence that Guccifer 2.0 is Russian should be evaluated while keeping these points in mind:
-
He used a Russian VPN service to cloak his IP address, but did not use TOR. Using a proxy to conduct cyber operations is a SOP [Standard Operating Procedure] in all intelligence and LEA [Law Enforcement Agency] agencies. [i.e. Russia would have masked their VPN service]
-
He used the AOL email service that captured and forwarded his IP address and the same AOL email to contact various media outlets on the same day of the attack. This is so overt and amateurish that its unlikely to be a mistake and seems like a deliberate attempt to leave traceable breadcrumbs.
-
He named his Office User account Феликс Эдмундович (Felix Dzerzhinsky), after the founder of the Soviet Secret Police. Devices and accounts used in offensive cyberspace operations use random names to prevent tractability and identification. Why would anyone in the GRU use this pseudonym (beside the obvious reason) is beyond comprehension.
-
He copied the original Trump opposition research document and pasted it into a new .dotm template (with an editing time of about 2 minutes). This resulted in a change of the “Last Modified by” field from “Warren Flood” to “Феликс Эдмундович” and the creation of additional Russian metadata in the document. Why waste the time and effort doing this?
-
About 4 hours after creating the ‘Russian’ version of the document, he exported it to a PDF using LibreOffice 4.2 (in the process he lost/removed about 20 of the original pages). This was most likely done to show additional ‘Russian fingerprints’ in the form of broken hyperlink error messages in Russian (Images 4 and 5). Why bother with re-formatting and converting the source documents? Why not just get the raw data out in the original format ASAP?
Apelbaum next discussed Guccifer 2.0 –
In June 21, 2016, Lorenzo Franceschi-Bicchierai from Vice Motherboard interviewed a person who identified himself as “Guccifer 2.0”. During their on-line chat session, the individual claimed that he was Romanian (see transcript of the interview below). His poor Romanian language skills were later used to unmask his Russian identify.
…I’m not a scientific linguist nor do I even know where to find one if my life depended on it, but I’m certain that you can’t reliably determine nationality based on someone impersonating another language or from the use of fake metadata in files. This elaborate theory also has the obvious flaw of assuming that the Russian intelligence services are dumb enough to show up to an interview posing as Romanians without actually being able to read and write flaunt Romanian.
After providing a couple more examples of why the Russian story doesn’t stick, Apelbaum closes with this –
The bottom line is that if we want to go beyond the speculative trivia, the pseudo science, and the bombastic unverified claims, we have to ask the real tough questions, mainly: is Guccifer 2.0 even the real attacker and how did he circumvent all of the logs during several weeks of repeated visits while downloading close to 2 GB of data?
Esteemed NSA whistleblower Bill Binney reported in June 2019 that there was no way Russians hacked the DNC based on the speed of the transfer of the data that was hacked. But according to Apelbaum the transfer speeds is a minor issue here. It’s just an indicator that it would have been difficult for Guccifer 2 who was sitting in Romania to access the DNC system remotely.
Per an illustration from Apelbaum, Guccifer 2 is depicted as the red devil icon below:
This illustration shows the Crowdstrike was obviously false in its claims that Russia hacked the DNC.
This is because:
1. If Guccifer 2 did it from Romania (the red devil icon on the left of the illustration), he needed a 23 Mbit/s transfer rate. At the time of this hack in 2016, Romania was only supporting 16Mbit/s speeds. But to do that he had to go through all of the red hell in the middle of the illustration, which I don’t believe he did based on the poor technical skill set he demonstrated during his interview with Motherboard vice.
2. If the leak came from the inside (the half green half red icon in the right side of illustration), he had the full 23 Mbit/s transfer rate because he just plugged-in a USB drive to the computer. He also didn’t need any hacking skills because he most likely had full system access.
Finally, we know that WikiLeaks stated numerous times that Russia did not provide them with the emails they leaked in 2016 and Julian Assange stated that WikiLeaks had nothing to do with Russia.
On May 8, 2020 we were proven right when the testimony of Crowdstrike’s Shaun Henry were released by the House. In his testimony Henry stated that Crowdstrike had no information that Russia hacked the DNC and then forwarded hacked emails to WikiLeaks. This was a lie!
Now today, the FBI is back to blaming Russia.
They really must be desperate.
Here are some reasons why today’s announcement is more than questionable:
For one, today’s indictment again includes pictures of the culprits indicted by the FBI. The GRU is comparable to the CIA. These entities do not publish the pictures of their employees or agents.
This also leads back to the prior announcements by the Mueller gang. How could Mueller have identified the individuals they indicted without obtaining this information from Crowdstrike? And if this is the case, how could Crowdstrike obtain the images if they could not confirm that Russia even hacked the DNC?
If the Mueller gang did not obtain the images of the culprits from Crowdstrike, then how did the FBI obtain the images of the culprits? Did the FBI break into the GRU system? (highly unlikely)
In addition how could the FBI tie these individuals to any of this? There literally is no way to tie these individuals to these alleged incidents.
There basically is no way the FBI and the Mueller team could make these similar accusations. Because of this it is clear today’s announcement is meant to influence the 2020 election.
Based on information available today, we know there is no evidence that the Russians hacked the DNC. We also know it is basically impossible for the FBI to make the accusations they made today. Because of this it is clear that the FBI is using today’s announcement to influence the 2020 election.
